<?php
    include '../public/db_object.php';

    if(isset($_POST)){
        $login_name = trim($_POST['login_name']);
        $old_password = trim($_POST['old_password']);
        $new_password = trim($_POST['new_password']);

        $db = new DB_object(["db_name"=>"db_shop"]);
        $select_sql = "select * from sys_user where login_name="."'$login_name'";


        $data = $db->l_select_one($select_sql);
        //echo "<pre>";
        //var_dump($data);
        if(!$data){
            echo 0; // 没有该登录名
            exit;
        }
        $password = md5($old_password.$data['ssalt']);
        if($password != $data['login_pwd']){
            echo 2; // 旧密码错误
            exit;
        }

        // 设置新密码
        $new_password = md5($new_password.$data['ssalt']);
        $arr = ['login_pwd'=>"'$new_password'"];

        // 修改成功
        $res = $db->l_update_one('sys_user', $arr, "login_name='".$login_name."'");
        if($res){
            // 开启Session
            session_start();
            // 删除所有Session的变量，也可以用unset($_SESSION[XXX])逐个删除
            //$_SESSION = array();
            unset($_SESSION['login_name']);
            // 如果使用基于Cookie的session，使用setCookkie()删除包含Session ID的cookie
            if(isset($_COOKIE[session_name()])) {
                setCookie(session_name(), "", time()-42000, "/");
            }
            // 最后彻底销毁session
            session_destroy();
            echo 1;
        }
        
        
    }

?>